RDKsoftware and web development

I've advised people to check suspicious files at virustotal.com, now I'll say be careful.

VirusTotal.com is still what it used to be, but there is now a fake out there.

Here's a tweet from the project manager at VirusTotal.

http://twitter.com/jcanto/status/9685945726

According to a report published in the "Network World", the biggest vectors for web hacking in 2009 were social networks, SQL injection, cross-site-scripting, authentication abuse, and cross-domain-request-forgery.

The concern about social networks is something I've written about before. I use twitter to announce my money making projects, linked-in to outline my professional achievements, and face-book to socialize with others. However; I do not tweet my intimate thoughts, put a detailed resume on linked-in, or reveal anything too personal on my FB wall.

In January there was a big attack against Google that apparently used a flaw in Internet Explorer which got the name "aurora".

Another attack has been proven possible on unbreakable wireless networks. I have heard WEP called "unbreakable" and I have heard the word "unbreakable" used for WPA after WEP was broken. But now both WEP and WPA have been broken. WPA2 seems to be the next best thing. However, the situation is not as dire as some make it sound. There are four items that must be secured to be able to resist the latest wireless exploits. Break these rules and you are you are vulnerable to the attack:

This time the focus is on the Ajax Session module which should be removed from all Drupal installations.

If anybody noticed, I'm not writing regular updates about Drupal security like I did last year. If you keep your installed core, modules, and themes up to date then 90% of my 2008 posts will be redundant. Now I'm just writing about issues that go beyond keeping things up to date. For example; modules that should be avoided. Programming practices that can be dangerous.

Mrs. Palin's recent experience with online privacy has given many a reason to be paranoid. Many of the standard practices on the Internet today only opens us up to security and privacy woes.

Well, SANS did another report on how long an unpatched, Windows system would survive on the Internet without being infected by something.

Then did the same study in 2003 and in 2004 and each time the length is drastically reduced. This points to two things: 1st the necessity for SP2 or SP3 today and the fact that the Internet underground is getting much more sophisticated every day.

2003 = 40 minutes
2004 = 20 minutes
2008 = 4 minutes

The good part is that Microsoft and the AV gang caught a bunch of some malicious little critters. The bad part is the numbers. What's confusing and ugly to me is that people are willing to trade virtual assets for real ones.

There were three Drupal security announcements today (6-18-2008). All of them were either "highly critical" or "critical". All three were third-party modules and the core was not affected by any of them.

Five hours after Firefox 3 was released, DVlabs alerted the public to a vulnerability that an anonymous researcher reported to them.

There seems to be a lot of fear from the Mozilla fans and prophesizing from the rest. This has definitely got the zealots attention.

Despite all the smoke, there are only four things can be sure of as of this date and time: